Bridge external WiFi (internet) to local LAN/WiFi

1

I have a slightly weird situation. I have internet access in my house via corporate WiFi. I want to set up a LAN with local WiFi in the house, bridging to the corporate WiFi for internet access.

So I want something like a router that has two WiFi antennae: an internal (home) WiFi and an external (corporate) WiFi connection. Then I can plug a PC into my home ethernet/WiFi and access local shared files, printers, etc., as well as the internet, as if the corporate WiFi was the ADSL/fibre/whatever line.

Does such hardware already exist? Any hints what I should be searching for?

I had considered perhaps building a PC to do this, using multiple WiFi dongles/PCIe cards. However, I really want dual-band 802.11ac, with backward compatibility to support whatever other hardware wants to connect, and I'm not convinced a little dongle acting as a "server" can provide that the way a proper router can...?

Dave

Posted 2018-09-05T21:49:41.757

Reputation: 143

Access point in client mode wired to the router of your choice. Double NAT isn’t too much of a problem anymore but you could run into trouble with certain secure services, the larger problem is if you need a routable external IP, because the IP you acquire from the upstream network likely isn’t publicly routable. – Tyson – 2018-09-05T22:34:04.973

Thanks! I think that's more-or-less the answer (post as an answer and I'll accept). I don't expect to be able to be routable from the outside world (I presume that's for e.g. opening port 80 to run a web server from home). Looking at this access point, I think "client mode" is the same as "network bridge" mode? And for a router, does it matter if it's an ADSL or cable router? I suspect I should connect the access point to a standard ethernet port?

– Dave – 2018-09-06T09:55:57.367

The router shouldn’t have a built-in modem. There will be an ADSL version, a cable version, and a no modem version. The no modem version is what you want. (I’ll type an answer soon). – Tyson – 2018-09-06T12:20:09.067

Answers

0

OK, I can now answer my own question.

I used the hints from Tyson's comment to get me started, but there was a fair bit more I had to do. Especially as I had failed to mention the corporate network I was connecting to was WPA2-Enterprise PEAP MSCHAPv2 authenticated (eduroam).

I got some pretty cheap hardware: a TP-Link TL-WA801ND Access Point (Wireless N 300MB single-band 2.4GHz); and an ASUS AC750 Router (Wireless AC dual-band).

Neither of these bits of hardware can connect in client mode to a host network with PEAP authentication.

I discovered an open-source firmware replacement, OpenWrt, with some Wiki articles and YouTube video promising to make client mode with PEAP possible.

I read a lot about problems with available storage space on the WA801ND access point. However, I was lucky. I was shipped a WA801ND V5, which has double the storage (8MB) of previous versions.

However, there was nothing about installing on V5 in wiki #1 and scary build instructions on wiki #2 (why are there two wikis on OpenWrt's site?).

I was double-lucky though, because I found a git commit detailing support for the V5, despite what the wikis say, and with instructions on how to flash.

Reading through some documentation, along with the instructions in the git commit, finally got OpenWrt installed on the WA801ND access point.

This gets bare-bones terminal-only firmware on the device, which doesn't support PEAP authentication in client mode.

So the first step is to enable PEAP support.

OpenWrt comes with its own package manager, but the WA801ND had no internet access, so I had to get packages manually. Unfortunately the package repository has changed structure since most of the online documentation was written, so it was tricky to find the packages.

I eventually found that there are two sub-repositories, one for the "target" (device) and one for the arch (CPU).

So, once I had downloaded and scp'd the wpad_2018-05-21-62566bc2-4_mipsel_24kc.ipk package to /tmp on the device, I could opkg remove wpad-mini then opkg install /tmp/wpad_2018-05-21-62566bc2-4_mipsel_24kc.ipk, enabling wpa_supplicant PEAP support.

I had a go at configuring the WA801ND through config files, but that's a whole big project in itself. I really wanted a web GUI interface. The standard in OpenWrt is Luci, which has a bunch of dependencies that need to be downloaded and scp'd across to the device.

Luckily, I found a wiki page with a script (near the bottom) to automate it. Unluckily, the script was old, was missing a dependency or two and had the wrong package URL. I fixed it up and voila, Luci installed!

From there it was easy to set up a client mode connection to the PEAP network through the Luci web interface on the WA801ND access point, and then plug the access point ethernet into the WAN port of the AC750 router. I had to change the subnet of the router from 192.168.1.x to 192.168.2.x so it didn't conflict with the access point. Then everything "just worked" (finally!).

The fixed-up script is appended below, for reference:

#!/bin/sh
# Assumes the user has grep, wget, ssh, and scp

# Change this to match your router
architecture="mipsel_24kc"
target="ramips/mt76x8"

# These should be fine unless you've changed something
user="root"
ip_address="192.168.1.1"


# Package feeds: one per CPU architecture, one per target (device).
# Both are fetched over HTTPS so the packages cannot be altered in transit.
url="https://downloads.openwrt.org/snapshots/packages/${architecture}/"
target_url="https://downloads.openwrt.org/snapshots/targets/${target}/packages/"
tmpdir="/tmp/luci-offline"
packages_base="liblua lua libuci-lua libubus libubus-lua uhttpd rpcd"
packages_luci="luci-base luci-lib-ip luci-lib-nixio luci-theme-bootstrap luci-mod-admin-full luci-lib-jsonc liblucihttp liblucihttp-lua"
packages_target="libiwinfo-lua"

# Stop here if the working directory is unusable; the later scp and rm -rf depend on it
mkdir -p "$tmpdir" || exit 1
cd "$tmpdir" || exit 1

echo "Downloading base packages"
# -O replaces the index left by a previous feed (-N could skip it as "not newer")
wget --quiet -O Packages "${url}base/Packages" || echo "Failed to get base Packages"
for pkg in $packages_base; do
    # Take the file name from the package's "Filename:" line in the index
    pkgfile="$(grep -Eoe " ${pkg}_.+" Packages | tail -c +2)"
    pkgurl="${url}base/${pkgfile}"
    wget --quiet -N "$pkgurl" || echo "Failed to fetch $pkg"
done

echo "Downloading Luci packages"
wget --quiet -O Packages "${url}luci/Packages" || echo "Failed to get luci Packages"
for pkg in $packages_luci; do
    pkgfile="$(grep -Eoe " ${pkg}_.+" Packages | tail -c +2)"
    pkgurl="${url}luci/${pkgfile}"
    wget --quiet -N "$pkgurl" || echo "Failed to fetch $pkg"
done

echo "Downloading target-specific packages"
wget --quiet -O Packages "${target_url}Packages" || echo "Failed to get target Packages"
for pkg in $packages_target; do
    pkgfile="$(grep -Eoe " ${pkg}_.+" Packages | tail -c +2)"
    pkgurl="${target_url}${pkgfile}"
    echo "Downloading $pkgurl"
    wget --quiet -N "$pkgurl" || echo "Failed to fetch $pkg"
done

echo "Copying packages to device"
ssh "${user}@${ip_address}" mkdir -p /tmp/luci-offline-packages
scp *.ipk "${user}@${ip_address}":/tmp/luci-offline-packages
echo "Installing packages"
# Quoted so that the *.ipk glob is expanded on the device, not on the PC
ssh "${user}@${ip_address}" "opkg install /tmp/luci-offline-packages/*.ipk"
echo "Deleting packages from device"
ssh "${user}@${ip_address}" rm -rf /tmp/luci-offline-packages/

echo "Starting HTTP server and enabling on boot"
ssh "${user}@${ip_address}" /etc/init.d/uhttpd start
ssh "${user}@${ip_address}" /etc/init.d/uhttpd enable

echo "Deleting packages from PC"
cd
rm -rf "$tmpdir"

Dave

Posted 2018-09-05T21:49:41.757

Reputation: 143
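
The script in the answer copies whatever wget saved to the device and installs it as root, without checking the files. As an added example (not part of the original answer), the helpers below compare each downloaded .ipk with the SHA256sum field recorded for it in the feed's Packages index; the function names and the sample package are constructed for illustration, and the parser assumes Filename: comes before SHA256sum: in each stanza.

```shell
#!/bin/sh
# Added example: check downloaded .ipk files against an opkg Packages index.

# expected_sha256 INDEX FILENAME: print the SHA256sum the index records for FILENAME.
# Assumes Filename: comes before SHA256sum: within a stanza.
expected_sha256() {
    awk -v want="$2" '
        NF == 0            { cur = "" }
        $1 == "Filename:"  { cur = $2 }
        $1 == "SHA256sum:" && cur == want { print $2; exit }
    ' "$1"
}

# verify_ipk INDEX FILE: 0 if the hash matches, 1 on mismatch, 2 if FILE is not listed.
verify_ipk() {
    want="$(expected_sha256 "$1" "$(basename "$2")")"
    [ -n "$want" ] || { echo "not in index: $2" >&2; return 2; }
    have="$(sha256sum "$2" | cut -d' ' -f1)"
    [ "$want" = "$have" ] || { echo "hash mismatch: $2" >&2; return 1; }
}

# verify_all INDEX DIR: fail if any .ipk in DIR is unlisted or altered.
verify_all() {
    rc=0
    for f in "$2"/*.ipk; do
        [ -e "$f" ] || continue
        verify_ipk "$1" "$f" || rc=1
    done
    return "$rc"
}

# Constructed demo: a fake package with a matching index entry, then a modified copy.
demo() {
    d="$(mktemp -d)" || return 1
    ipk="luci-base_0_mipsel_24kc.ipk"   # constructed file name
    printf 'constructed ipk body\n' > "$d/$ipk"
    sum="$(sha256sum "$d/$ipk" | cut -d' ' -f1)"
    printf 'Package: luci-base\nFilename: %s\nSHA256sum: %s\n\n' "$ipk" "$sum" > "$d/Packages"
    verify_all "$d/Packages" "$d" && echo "clean copy: accepted"
    echo "extra bytes" >> "$d/$ipk"
    verify_all "$d/Packages" "$d" || echo "modified copy: rejected"
    rm -rf "$d"
}
demo
```

Because the script reuses one Packages file for all three feeds, the check belongs after each feed's download loop, while that feed's index is still on disk. The hashes are only as trustworthy as the index, so the index itself should come over HTTPS.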